I was reading some old web pages of mine on a Windows XT machine via IE when I got a notice that IE had suppressed content on the page that might try to harm the computer.
I’d noticed that the pages had been hacked some time ago: certain words on the pages had a blue double underline beneath them. It looked kinda like they were hidden links. They don’t show at all or do anything on Mozilla, or on IE for the Mac, so I kinda figure it’s a Windows/IE hack, but I don’t know.
The pages in which these links are headed are all text with one or two jpeg images at most, and are hand-coded HTML, very simple stuff.
What I figure is that someone hacked into my website and replaced my pages with the new pages.
The weird thing is, I’ve looked at the source code and it doesn’t show the double underlines or the code that produces the double underlines.
Anybody have any idea what happened here? This kind of hack sound familiar to anyone?
Wait a minute, no it doesn’t. The reason I posted here is that I DID check it out on a new machine, and that heavily-firewalled machine is reporting someting on the page.
A firewall will not prevent spyware from installing if your browser has permission to access the internet. Still, it is unlikely both machines have exactly the same infection.
Did you run any anti-spyware programs? A couple great free one’s, not sure of the rules if I can post them or not so I won’t but I would run one of them before anything else, free and easy.
Actually, there’s a sticky with some suggestions for keeping your computer secure on this page. I have taken those precautions on my Wintel box, but I didn’t always take those precautions. My Mac running Mozilla doesn’t need most of them.
If your source code on the server has not been altered, but the display in a browser shows links that you did not author, the browser has been hijacked. This kind of malware searches for keywords and builds a link to its own advertisers. Move your pointer over the suspicious links and you may find they all point to a similar site (the ad site).
To get rid of this, run all the usual scans – Spybot, AdAware, etc.
Its insidious, cause only the original web page designer is likely to know which links are valid. However, an excessive amount of links on every page suggests this trick has been played on the user.
View source code on Mozilla, or on IE for the Mac. If that is the same as what you uploaded to the server, your site hasn’t been hacked. You could also try, using your FTP client, downloading direct what is on the server and examine that.
Well, that’s the weird thing. The pages that are giving me the problem are from my old site, which is not online anymore. There is no site to be hacked, but IE is still giving that message about active code on my web page (which it accessed via floppy disk) which could harm the computer. That’s the part I find puzzling. Well, that and the fact that the stuff doesn’t show when I view source, because when I discovered the hack initially, the first thing I did was look at the source code, as noted in my OP.
Did you hover over the added underlines, to see if they were links? If they are, the destination URL should show up at the bottom of the browser window, unless it’s been masked with a name (which would show up instead).
I have found, that if my web page contains javascript that changes the files displayed (eg, image rollovers or the like) IE complains when I load this page up from a local copy. It seems that the JS to load “images/newimg.jpg” triggers IE’s “ack! It’s touching local files!” alarm, since “images/newimg.jpg” in this case is “C:/My Documents/My Webpage/images/newimg.jpg”. If I load the page on a remote server, I don’t get this warning.
The problem you are experiencing is completely expected, and has nothing to do with your site or browser being hijacked.
When you are loading web pages from a local source, they are not being viewed through a web server. IE treats such pages as a different “zone,” one that is not by default trusted. I see exactly the same symptoms when I view the HTML-based documentation of a $50,000 graphics system we use. The ActiveX control they use to display their menu tree causes the same error message (about potentially harmful content being blocked).
As an aside, you will notice that IE will similarly block some functionality of even pure XML files as a precaution. Since it’s a handy tool for verifying generated XML (from our software), it’s a situation we have every day.
These pages were written a while ago. In HTML 2.0, back when it was relatively new and shiny. No javascript, no CSS. As I recall the hot new function for 2.0 was tables.
OK, that makes sense. The double lines from when my site was online is a server hack. The message about harmful content being blocked is a firewall thing triggered by reading from a floppy disk. Makes sense. I’ll buy it.
And that is most likely what it is, I could show you screenshots of my website back-ups doing the same thing. I was under the impression it was happening online. Not with a back-up. Glad it got answered to relieve your mind!